Campus Switching and Routing

Reply

ArubaVPN with MAS and alerting when the tunnel is down

Maybe i simply missed this somewhere but how can I be alerted when a VPN tunnel between a MAS and a controller is offline using Airwave?

 

I will be relying on this alert to proactively investigate issues.

 

Pasquale Monardo | Senior Network Solutions Consultant
ACDX #420 | ACMP
[If you found my post helpful, please give kudos!]
Guru Elite

Re: ArubaVPN with MAS and alerting when the tunnel is down

Do you have syslog being sent to AirWave? You can create an alert trigger that keys off the relevant log text. 


Thanks, 
Tim

Tim Cappalli | Aruba Security TME
@timcappalli | timcappalli.me | ACMX #367 / ACCX #480

Re: ArubaVPN with MAS and alerting when the tunnel is down

Not currently since Airwave does not sit behind the tunnel, it will have to go to a public IP for that. Shouldn’t be an issue. Simply send logging to <public_ip>
Add the switch using port forwarding rules from the public side or maybe I can key off the controller logs?

Airwave is at our DC, MAS is at the dealership and WLC is at customers DC.
Pasquale Monardo | Senior Network Solutions Consultant
ACDX #420 | ACMP
[If you found my post helpful, please give kudos!]

Re: ArubaVPN with MAS and alerting when the tunnel is down

So I got this to work finally.

the MAS generates the following syslog message

 

Dec 17 17:43:29 :217002:  <WARN> |l3m|  Vlan interface _aruba-vpn link state down

I then made sure my MAS was sending syslog message to my Airwave by typing

conf t
logging <Airwave_IP>
exit
wr me

On Airwave, in System -> Syslog & traps, if I filter by my device or just search for

_aruba-vpn

 You will see the following:
vpn.JPG

At this point you create a trigger that matches the device event with the contents of the syslog message and send an email to yourself.

 

trigger.png

You then get the alert in Airwave

evfent.png

You will then receive the email as well:

Device Event: Event Contents matches Vlan interface _aruba-vpn link state down and Event Type is Syslog
Severity: Critical
Time: Thu Dec 17 17:45:17 2015
Notes: VPN DOWN!!!!

Device: HON-ON-MAR-00001-SW1 - https://wlan-aw-1.c6.dv/ap_monitoring?id=15421
Group: Canada
Folder: Top > Canada > HON-ON-MAR-00001 > Switch
Location: 
Alert Time: 2015-12-17T17:45:16-05:00

Message: Dec 17 17:43:29 HON-ON-MAR-00001-SW1:PRI-0 l3m[1567]: <217002> <WARN> |l3m|  Vlan interface _aruba-vpn link state down

Bingo Bango

Pasquale Monardo | Senior Network Solutions Consultant
ACDX #420 | ACMP
[If you found my post helpful, please give kudos!]
Search Airheads
cancel
Showing results for 
Search instead for 
Did you mean: